A new slew of cyber attacks have hit South Korea-based SK Communications service, Cyworld and NATE leaving as many as 35 million account holder’s personal information compromised.

The hack reportedly left information such as the account holders names, phone numbers and email addresses compromised.

The company did also report that some passwords may also have been taken, but was quick to add that they were all encrypted and thus unusable without the encryption key.

A subsequent statement by SK Communications clarified:

“The company has confirmed that a leak of customers’ information has taken place due to hacking on July 26.

“The specific scale of the hacking is still being investigated, but it is estimated that some of the personal information of 35 million Nate and Cyworld members have been leaked.”

…

For full original article, see here

South Korea has blamed Chinese hackers for stealing data from 35 million accounts on a popular social network.

The attacks were directed at the Cyworld website as well as the Nate web portal, both run by SK Communications.

Hackers are believed to have stolen phone numbers, email addresses, names and encrypted information about the sites’ many millions of members.

It follows a series of recent cyber attacks directed at South Korea’s government and financial firms.

Details of the breach were revealed by the Korean Communications Commission.

It claimed to have traced the source of the incursion back to computer IP addresses based in China.

…

For full original article, see here

The attack, which began on 4 March, 2011 and continued for 10 days, was launched from a network of compromised computers in South Korea. Once the attack ceased, the bots destroyed the host operating systems, forcing users to reinstall Windows.

“After the DDoS, the malware wiped the master boot record, creating extra problems for civilian users, wrecking the botnet and voluntarily destroying the infected machines’ [operating systems],” McAfee researcher Georg Wicherski told ZDNet UK on Wednesday.

Botnets are normally preserved by their operators — the compromised computers can often be repurposed, and used to generate revenue.

While the aim of the attacks was simply to bludgeon South Korean military, banking and government websites, the methodology used was complex.

The botnet command and control servers were arranged in multiple tiers according to a McAfee report (PDF) issued on Wednesday, while commands were sent to the bots in the form of encrypted binaries. A number of different encryption ciphers were used, including the US government standard AES, throughout the files.

“It’s not really necessary to use such a strong algorithm unless you want to delay analysis for as long as possible,” said Wicherski.

…

For full original article, see here

North Korea has been conducting “drills” for cyberwar against its southern neighbor using simple, but very effective denial-of-service attacks, according to security experts.

A team from McAfee looked into the attacks on South Korean internet networks in July 2009 and March this year, and concluded they were probably efforts by North Korea to test cyberwar weapons.
Those weapons are blunt and crude, but they work.

First, the attackers built a botnet – an army of slave PCs – by luring people to download free stuff from a popular file sharing site. Lurking inside the downloaded files were trojan horses, designed to install code on the hapless PCs and tie them to the botnet.

Later, when the command came from above, every single machine in that network would flood certain South Korean websites with requests, effectively bringing them down. That’s what’s known as a distributed denial-of-service attack, or DDoS.

…

Read more: http://techland.time.com/2011/07/06/report-cyber-attacks-against-south-korea-were-war-drills-by-the-north/#ixzz1TsqagT53
…

For full original article, see here

South Korea’s military will create a cyber warfare school to help combat growing Internet attacks from North Korea, an official said Wednesday.

The army has teamed up with Korea University to open in 2012 the new cyber-defence school, which will admit 30 students a year for a four-year course.

Courses include how to break malicious Internet codes, ways to psychologically prepare for cyber warfare and other IT technologies to guard against potential attacks, an army spokesman told AFP.

“We… seek to nurture warriors to fight in cyber warfare amid growing cyber-terror threats from North Korea and to secure a stable supply of specialists,” the army said in a statement.

…

For full original article, see here

South Korea has one of the most advanced IT infrastructures on the planet, offering the world’s cheapest access to the fastest internet connection anywhere. Approximately 95 per cent of its near 50 million citizens surf the web – a statistic virtually unmatched by any other country.

Despite being so technologically advanced, however, the country continues to suffer from ongoing cyberattacks, which authorities say are from North Korea.

Seoul has identified the assaults as part of the North’s plans to strategically nurture its cyberwarfare unit, and responded with pledges to bolster its own cyberdefence programme by doubling its number of hackers. It is also establishing 24-hour cybersecurity centres under the auspices of key government agencies such as the unification ministry and the central bank.

South Korean authorities and experts, alongside defectors from the North say the country’s communist neighbour may be taking its war with the South from the trenches to the cybersphere – seeing it as a more effective way to topple its capitalist enemy.

…

For full original article, see here

On March 3rd, WordPress was also hit by DDoS attacks. The attack lasted about two hours, and affected a number of high profile “A-list” Web sites, such as CNN, BBC, and TED as well as other 18 million hosted blogs. According to WordPress founder, Matt Mullenweg, the attack “may have been politically motivated against one of our non-English blogs.” Attribution remains unclear.

At “multiple gigabits per second and tens of millions of packets per seconds,” the attack is the largest in WordPress history. In 2008, WordPress experienced 268 DDoS attacks in a week, at a peak of 24,000 packets per second and 264 Mbp/s. According to John Dunn over at PC World, “that such attacks are now reaching into the Gigabits is a symptom of the greater resources that can now be accessed by attackers.” These can be seen in the 10 to 15 Mbp/s DDoS attacks experienced by Burma’s Ministry of Post and Telecommunications ISP in the lead up to the country’s first elections in two decades in November 2010 (as compared to the 814 Mbp/s DDoS attacks in Estonia 2007).

In a separate incident, just less than two weeks ago, amid calls for a “Jasmine Revolution” in China, the main Web site of Boxun (an independent Chinese news resource based in the US) received what it calls “the most serious DDoS attack we have received.” For more on DDoS attacks on independent media and human rights groups, see the Berkman Center for Internet and Society’s 2010 Report on Distributed Denial of Services Attacks.

While North and South Korea consider the possibility of reopening cross-border talks, the two countries’ hackers are conducting a proxy war in cyberspace.

In recent days hackers from the South have poked fun at the Kim dynasty, rulers of North Korea for more than 60 years, and their Northern counterparts retaliated by temporarily disabling a popular South Korean website suspected of being behind the attacks.

Pyongyang reportedly warned of “grave consequences” for South Korean hackers found to have tarnished the name of the Kim family.

Users of the South’s dcinside.com website claimed responsibility for hacking into Pyongyang’s official Twitter account, @uriminzok, and its official website, uriminzokkiri.com. They posted messages denigrating the North Korean leader, Kim Jong-il, and his youngest son and heir apparent, Kim Jong-un.

The Pyongyang regime launched Twitter and YouTube accounts last summer in an attempt to harness the propaganda potential of cyberspace, although very few North Koreans have access to the internet. The Twitter account now has more than 11,000 followers, although it has been inactive for the past three days.

One tweet posted by hackers urged the North Korean military to “point guns towards traitor Kim Jong-il wasting fortunes on nuclear and missile weapons instead of feeding his people”.

On Uriminzokkiri, hackers called for an uprising against the ruling dynasty. “Let’s create a new world by driving out rebels Kim Jong-il and his son Kim Jong-un!” they said.

The first letters of an apparently adulatory 12-line acrostic sent to the North’s website spelled out derogatory remarks about the ruling family.

The hackers’ coup de grace came when they posted a video on the regime’s YouTube account to coincide with Kim Jong-un’s birthday on Saturday. The short animated film shows the younger Kim driving a sports car along a railway track laden with birthday gifts, mowing down his impoverished countrymen along the way.

The Seoul-based Free North Korea Radio said North Korean officials had questioned the operators of Uriminzokkiri, based in the Chinese city of Shenyang, over their failure to prevent the attacks.

Much of the disruption has emanated from South Korea, but the North reportedly employs a team of expert hackers who are thought to have disabled dozens of South Korean and US websites in July 2009.

North Korean hackers are thought to have retaliated in the latest cyber exchange, temporarily paralysing dcinside.com through a DDOS (distributed denial of service) attack.

Yesterday the site marked its return to service by issuing a challenge to the Pyongyang leadership: “Come out, Jong-il and Jong-un! Let’s fight!”

The propaganda wars are not confined to private citizens: the Korea Times reported plans to launch propaganda audio and video webcasts targeting the few North Koreans with access to the internet.

Not all South Koreans support the online onslaught against the North. A 54-year-old man allegedly violated the South’s strict national security laws by posting about 100 messages in praise of the North Korean regime on his blog and Twitter account. He also accused Seoul and Washington of fabricating the March sinking of a South Korean warship and said Pyongyang had been provoked into attacking Yeonpyeong island in November.

The justice ministry in Seoul has threatened to punish South Koreans who try to connect with North Koreans via Twitter’s reply and retweet functions. South Koreans are banned from unauthourised communication with North Koreans, and offenders face a prison term.

North Korea opened consecutive accounts on U.S.-operated popular micro-blogging and social networking services this month, gathering thousands of “followers” and “friends” from all over the world including South Korea.

The unusual move by one of the world’s most secretive nations on Twitter and Facebook has been sparking concerns and disputes in Seoul, which has a mutual agreement with the communist North to refrain from propaganda activities.

The “cyber war” comes as tensions are running high between the two Koreas after a team of multinational experts concluded that Pyongyang torpedoed a South Korean warship and killed 46 young sailors in March.

Source: Shin Hae-in, The Korean Herald.

Guns and cannons may have vanished from the public’s sight, but a new form of battle is surfacing on the divided Korean Peninsula, with an apparently cyber-savvy North Korea using the Internet as a way of spreading propaganda.

North Korea opened consecutive accounts on U.S.-operated popular micro-blogging and social networking services this month, gathering thousands of “followers” and “friends” from all over the world including South Korea.

The unusual move by one of the world’s most secretive nations on Twitter and Facebook has been sparking concerns and disputes in Seoul, which has a mutual agreement with the communist North to refrain from propaganda activities.

The “cyber war” comes as tensions are running high between the two Koreas after a team of multinational experts concluded that Pyongyang torpedoed a South Korean warship and killed 46 young sailors in March.

North Korea, which continues to deny its role in the disaster, appears to be expanding its propaganda warfare in response to the move by Seoul and Washington to slap it with additional sanctions to deepen its economic and diplomatic isolation, pundits here say. Seoul and Pyongyang are technically still at war as their 1950-53 war, during which Washington fought on South Korea’s side, ended in an armistice.

South Korea, one of the most wired countries in the world and a leading information technology nation, has so far responded by blocking its citizens from direct access to North Korea’s Twitter page, threatening offenders with jail. The North, in turn, engineered ways to bypass some of the censorship. The purported North Korean Twitter had more than 8,000 followers before it was blocked, reports say.

Pyongyang also used a link on its Twitter account to redirect micro-bloggers to a related page on Facebook, a global social networking forum that later deleted the page saying it violated the site’s terms of use.

North Korea has also been uploading video clips ridiculing officials in Seoul and Washington on global video-sharing site YouTube since last month.

Officials in Seoul said they believe such online activities are “conducted directly” by Pyongyang.

“North Korea does not allow its own people to go online for information-gathering or other purposes. This is among many reasons why we cannot view this as an ordinary activity,” a Unification Ministry official in Seoul said, requesting not to be named due to the sensitivity of the issue.

Right-wingers here support the government’s move to block access to North Korea-operated Web pages and say the government should take action on its plan to resume psychological warfare operations.

As part of countermeasures to the March 26 sinking of naval corvette Cheonan, Seoul’s Defense Ministry was seeking to resume broadcasting anti-communist propaganda through loudspeakers arranged near the heavily fortified border with the North and sending propaganda leaflets by balloon.

The plan was put on hold, however, due to concerns of deepening tensions.

The ministry said it had “no immediate plans” regarding the issue.

Conservatives also emphasize the need for the government to come up with active countermeasures to Pyongyang’s cyber terrorism, which is anticipated to grow into a larger threat as the reclusive state becomes more familiar with information technologies.

North Korea is believed to operate an elite team of hackers. This team reportedly attacked websites of South Korean and U.S. government agencies and businesses last year.

But others here say the government is overreacting.

“I actually think this is an interesting issue. I want to welcome North Korea on Twitter,” said Roh Hoi-chan, a lawmaker of the left-leaning New Progressive Party and an active micro-blogger himself. “It is impossible to unilaterally promote oneself in Twitter. I am actually surprised our government feels threatened by this.”

The lawmaker also said such online activities “cannot be seen as violation” of the inter-Korean exchanges law as the government claims.

“If we apply the law in such a broad sense, we should also have to control our own associations flying leaflets across the border,” he said. “We live in a world in which any South Korean could meet and talk to a North Korean overseas. It is too closed-minded of the government, and also virtually impossible, to block access to Internet pages.“

http://www.koreaherald.com/national/Detail.jsp?newsMLId=20100825000714

Korea is attempting to present computer security as a topic of discussion for the Group of 20 meetings in Seoul later this year. However, the talks for establishing an international body for combating cybercrimes seem to be discouraged.

The Korea Communications Commission (KCC), the country’s converged regulator for broadcasting and telecommunications, and the Ministry of Public Administration and Security had vowed to include the forming of the new body as an agenda for November’s G20 summit of world leaders.

Government officials now confess to the difficulties of getting everyone on the same page. The Public Administration Ministry announced in February that the country was considering establishing the international cybercrime organizations here. But the difficulty in securing the budget, as well as the slow advancement in related research, appears to have pushed the plans to the backburner for now.

“The talks about the international body have been consistent since last year’s Asia-Pacific Economic Cooperation (APEC) cyber security seminar and we will continue to report on the progress of our preparation later this month,” said a ministry official.

“It will be difficult to include the talks about the international body on the G20 agenda. We have yet to achieve agreement over our plans with other G20 countries and we need more talks.”

The establishment of an international cybercrimes body based in Korea would be somewhat of an ironic development, as a slew of data breaches in past years have proved that the country doesn’t have a computer security defense system.

Security is becoming an increasing problem due to the sophistication of cybercrimes, such as distributed denial of service (DDoS) attacks, which are triggered by massive networks of hijacked computers used by hackers to cause disruption and steal data. Korea’s computer security mettle was tested unfavorably during a massive DDoS attack that crippled over 80,000 computers at homes and offices in July last year.

With security issues expected to become an increasing problem as computing moves toward the server-based “cloud” era, which further blurs the geographic boundaries in information technology (IT) services, policymakers here are stressing the need for better international collaboration.

“The G20 is obviously focused on the talks to strengthen the economic recovery and fix global financial systems, but with the increasing number of cyber attacks on online financial services and e-commerce services, security has become a real economic issue. Discussing the issue as a G20 topic would be meaningful,” said an official from the Financial Security Agency.

http://www.koreatimes.co.kr/www/news/biz/2010/08/123_70876.html